Workspace ONE
Workspace ONE is a unified endpoint management solution. Zentral can use multiple Workspace ONE instances as inventory sources.
Configuration
To activate the Workspace ONE module, you need to add an empty zentral.contrib.wsone
subsection to the apps
section in base.json
.
{
"apps": {
"zentral.contrib.wsone": {}
}
}
Create an instance
Once the module has been activated, you can connect Zentral to a Workspace ONE deployment. Before you can create a Workspace ONE instance in Zentral, you need to gather the following information:
attribute | value7 |
---|---|
Server URL | The base URL to connect to the Workspace ONE deployment. It usually follows this pattern: https://SUBDOMAIN.awmdm.com . |
API key | The Workspace ONE API Key. |
Client ID | The OAuth Client ID. Zentral uses OAuth to authenticate with Workspace ONE. You need to register a new OAuth client in Workspace ONE, and assign it a role. |
Client secret | The OAuth Client secret. See Client ID. |
Token URL | The region specific Token URL for the OAuth authentication. |
- Go to
Setup > WSOne > Instances
, click on theCreate
button. - Select a business unit.
- Copy the required information (see above).
- Pick a username and password. They will be used by Workspace ONE to authenticate the event notification requests to Zentral (HTTP Basic Authentication).
- OPTIONAL Enter a comma separated list of Workspace ONE organization group names (case-sensitive) in the
Excluded groups
field. Devices assigned to those groups or any of their children in Workspace ONE will not be synchronized.
Configure the Workspace ONE event notifications
To receive events in Zentral, and trigger the automatic device synchronizations, you need to configure the Event Notifications in Workspace ONE:
Target URL
,User Name
,Password
: use the information available in the Event notifications section of the Zentral Workspace ONE instance detail page.- IMPORTANT Set
Format
toJSON
. - Select the events you want to send to Zentral.
HTTP API
/api/wsone/instances/
- method: GET
- Content-Type: application/json
- required permissions:
wsone.view_instance
Use this endpoint to list all available Zentral Workspace ONE instances.
curl \
-H "Authorization: Token $ZTL_API_TOKEN" \
-H 'Content-Type: application/json' \
https://zentral.example.com/api/wsone/instances/ \
|python3 -m json.tool
Response:
[
{
"id": 1,
"business_unit": 1,
"client_id": "d2186IFnISnulzGIIwHOAJ68opAWUnFc",
"server_url": "https://cn000.awmdm.com",
"excluded_groups": ["iPads"],
"version": 12,
"created_at": "2022-01-18T16:07:59.826640",
"updated_at": "2022-01-19T09:25:20.530703"
}
]
/api/wsone/instances/{id}/
- method: GET
- Content-Type: application/json
- required permissions:
wsone.view_instance
Use this endpoint to get a specific Zentral Workspace ONE instance.
curl \
-H "Authorization: Token $ZTL_API_TOKEN" \
-H 'Content-Type: application/json' \
https://zentral.example.com/api/wsone/instances/1/ \
|python3 -m json.tool
Response:
{
"id": 1,
"business_unit": 1,
"client_id": "d2186IFnISnulzGIIwHOAJ68opAWUnFc",
"server_url": "https://cn000.awmdm.com",
"excluded_groups": ["iPads"],
"version": 12,
"created_at": "2022-01-18T16:07:59.826640",
"updated_at": "2022-01-19T09:25:20.530703"
}
/api/wsone/instances/{id}/sync/
- method: POST
- Content-Type: application/json
- required permissions:
wsone.view_instance
inventory.change_machinesnapshot
Use this endpoint to start the inventory synchronization for a specific Zentral Workspace ONE instance. A task id and URL to check the synchronization task status will be returned.
curl \
-XPOST \
-H "Authorization: Token $ZTL_API_TOKEN" \
-H 'Content-Type: application/json' \
https://zentral.example.com/api/wsone/instances/1/sync/ \
|python3 -m json.tool
Response:
{
"task_id": "b1512b8d-1e17-4181-a1c3-93a7243fddd3",
"task_result_url": "/api/task_result/b1512b8d-1e17-4181-a1c3-93a7243fddd3/"
}